HOT IT RUNNER PACK V126.96.36.199
The version number of a complex piece of software represents the whole package and is independent of the version numbers of the parts. The Gizmo version 3.2.5 might contain Foo version 1.2.0 and Bar version 9.5.4.
HOT IT RUNNER PACK V188.8.131.52
x.yz.bbbbb. Where:x: is the major version (major new features)y: is the minor version number (small new features, small improvements without UI changes)z: is the service pack (basically the same as x.y but with some bug fixesbbbb: is the build number and only really visible from the "about box" with other details for customer support. bbbb is free format and every product can use it's own.
Optionally, enable logging of the per-thread and per-process performance metric values in the Performance Co-Pilot (PCP) using the pcp-zeroconf package and pmieconf utility. Previously, only the per-process metric values were logged by pmlogger through the pcp-zeroconf package, but some analysis situation also requires per-thread values. As a result, the per-thread metrics are now available for historical analysis, after executing the following command:
With this update, the scap-security-guide packages provide a profile aligned with the CIS Red Hat Enterprise Linux 7 Benchmark v2.2.0. The profile enables you to harden the configuration of the system using the guidelines by the Center for Internet Security (CIS). As a result, you can configure and automate compliance of your RHEL 7 systems with CIS by using the CIS Ansible Playbook and the CIS SCAP profile.
With the release of the RHBA-2021:2803 advisory, the scap-security-guide packages provide an updated profile for ANSSI-BP-028 at the High hardening level. This addition completes the availability of profiles for all ANSSI-BP-028 v1.2 hardening levels. Using the updated profile, you can configure the system to comply with the recommendations from the French National Security Agency (ANSSI) for GNU/Linux Systems at the High hardening level.
The new compat-unixODBC234 package provides version 2.3.4 of unixODBC, a framework that supports accessing databases through the ODBC protocol. This new package is available in the RHEL 7 for SAP Solutions sap-hana repository to enable streaming backup of an SAP HANA database using the SAP backint interface. For more information, see Overview of the Red Hat Enterprise Linux for SAP Solutions subscription.
Red Hat Software Collections (RHSCL) is a Red Hat content set that provides a set of dynamic programming languages, database servers, and related packages that you can install and use on all supported releases of Red Hat Enterprise Linux 7 on AMD64 and Intel 64 architectures, IBM Z, and IBM POWER, little endian.
Dynamic languages, database servers, and other tools distributed with Red Hat Software Collections do not replace the default system tools provided with Red Hat Enterprise Linux, nor are they used in preference to these tools. Red Hat Software Collections uses an alternative packaging mechanism based on the scl utility to provide a parallel set of packages. This set enables optional use of alternative package versions on Red Hat Enterprise Linux. By using the scl utility, users can choose which package version they want to run at any time.
If directories in the file system owned by the Directory Server user do not have the correct permissions, Directory Server utilities adjust them accordingly. However, if these permissions were different to the ones that were set during the RPM installation, verifying the RPM using the rpm -V 389-ds-base command failed. This update fixes the permissions in the RPM. As a consequence, verifying the 389-ds-base package no longer complains about incorrect permissions.
Previously, certain documentation files from the perl-devel package had a write permission set for a group. Consequently, users in the root group could write into these files, which represented a security risk. With this update, the write bit for a group has been removed for the affected files. As a result, no documentation file from perl-devel has a write permission set for a group.
Previously, the OpenSCAP scanner logged the inability to get the SELinux context on the ERROR level even in situations where it is not a true error. Consequently, scanner results contained a lot of SELinux context error messages and both the oscap command-line utility and the SCAP Workbench graphical utility outputs were hard to read for that reason. The openscap packages have been fixed, and scanner results no longer contain a lot of SELinux context error messages.
Remediation of the audit_rules_privileged_commands rule in the scap-security-guide packages did not account for a special case in parsing command names. Additionally, the ordering of certain rules prevented successful remediation. As a consequence, remediation of certain combinations of rules reported they were fixed although successive scans reported the rule as failing again. This update improves regular expressions in the rule and the ordering of the rules. As a result, all privileged commands are correctly audited after remediation.
Because default kernel parameters cannot be reliably determined for all supported versions of RHEL, checking kernel parameter settings always requires explicit configuration. The text in the configuration guide mistakenly stated that explicit settings were not needed if the default version was compliant. With this update, the rule description in the scap-security-guide package correctly describes the compliance evaluation and the corresponding remediation.
Remediation of the dconf_gnome_login_banner_text rule in the scap-security-guide packages previously failed after a failure to scan the configuration. As a consequence, the remediation could not properly update the login banner configuration, which was inconsistent with expected results. With this update, Bash and Ansible remediations are more reliable and align with the configuration check implemented using the OVAL standard. As a consequence, remediations now work properly and the rule passes after remediation.
Previously, SCAP Security Guide (SSG) evaluated Postfix-specific rules independently of the postfix package installed on the system. As a result, SSG reported Postfix-specific rules as fail instead of notapplicable. With the release of the RHBA-2021:4781 advisory, SSG correctly evaluates Postfix-specific rules only if the postfix package is installed, and reports notapplicable if the postfix package is not installed.
Previously, the YUM utlity could not install RPM packages signed with GNU Privacy Guard (GPG) keys with revoked subkeys. Consequently, YUM failed with the following error message:
This update introduces a change in the code that checks revocation before checking binding signature. As a result, YUM can now install RPM packages signed with GPG keys with revoked subkeys.
The Wayland display server protocol is available in Red Hat Enterprise Linux as a Technology Preview with the dependent packages required to enable Wayland support in GNOME, which supports fractional scaling. Wayland uses the libinput library as its input driver.
The tss2 package adds IBM implementation of a Trusted Computing Group Software Stack (TSS) 2.0 as a Technology Preview for the IBM Power LE architecture. This package enables users to interact with TPM 2.0 devices.
Note that the criu tool depends on Protocol Buffers, a language-neutral, platform-neutral extensible mechanism for serializing structured data. The protobuf and protobuf-c packages, which provide this dependency, were also introduced in Red Hat Enterprise Linux 7.2 as a Technology Preview. Since Red Hat Enterprise Linux 7.8, the criu package provides support for Podman to do a container checkpoint and restore. The newly added functionality only works without SELinux support.
flower is a Traffic Control (TC) classifier intended to allow users to configure matching on well-known packet fields for various protocols. It is intended to make it easier to configure rules over the u32 classifier for complex filtering and classification tasks. flower also supports the ability to off-load classification and action rules to underlying hardware if the hardware supports it. The flower TC classifier is now provided as a Technology Preview.
The rhel-system-roles-sap package provides Red Hat Enterprise Linux (RHEL) System Roles for SAP, which can be used to automate the configuration of a RHEL system to run SAP workloads. These roles greatly reduce the time to configure a system to run SAP workloads by automatically applying the optimal settings that are based on best practices outlined in relevant SAP Notes. Access is limited to RHEL for SAP Solutions offerings. Please contact Red Hat Customer Support if you need assistance with your subscription.
Since the RHEL 7.5 version of the nss package, the Network Security Services (NSS) libraries provide verifying RSA-PSS signatures on certificates as a Technology Preview. Prior to this update, clients using NSS as the SSL backend were not able to establish a TLS connection to a server that offered only certificates signed with the RSA-PSS algorithm.
Red Hat Enterprise Linux 7 includes a new multiple-queue I/O scheduling mechanism for block devices known as blk-mq. The scsi-mq package allows the Small Computer System Interface (SCSI) subsystem to make use of this new queuing mechanism. This functionality is provided as a Technology Preview and is not enabled by default. To enable it, add scsi_mod.use_blk_mq=Y to the kernel command line.
Make sure to install the dnf-plugin-subscription-manager package, which includes the subscription-manager plug-in. This plug-in is required for accessing protected repositories provided by the Red Hat Customer Portal or Red Hat Satellite 6, and for automatic updates of the /etc/yum.repos.d/redhat.repo file.
The DISA STIG profile and the CIS profile require the removal of the xorg-x11-server-common (X Windows) package but does not require the change of the default target. As a consequence, the system is configured to run the GUI but the X Windows package is missing. As a result, the system does not start properly. To work around this problem, do not use the DISA STIG profile and the CIS profile with the Server with GUI software selection or customize the profile by removing the package_xorg-x11-server-common_removed rule. 041b061a72